Index: scripts/globals.sh
===================================================================
diff -u -r8d21136637cee0c5dd68e1a7837d4b6292203791 -rce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa
--- scripts/globals.sh (.../globals.sh) (revision 8d21136637cee0c5dd68e1a7837d4b6292203791)
+++ scripts/globals.sh (.../globals.sh) (revision ce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa)
@@ -110,7 +110,7 @@
 APPLICATION_PARAMS="&"
-CloudSync_DRT_SERVER_IP=172.31.99.117
+CloudSync_DRT_SERVER_IP=""
 CloudSync_DRT_SERVER_PORT=80
 CLOUD_USER=cloud
Index: scripts/lockdown.sh
===================================================================
diff -u -r8153639f3cd191aaf8b384e3b8aadde2d51da4ea -rce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa
--- scripts/lockdown.sh (.../lockdown.sh) (revision 8153639f3cd191aaf8b384e3b8aadde2d51da4ea)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision ce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa)
@@ -8,23 +8,18 @@
 CONTENT_SUDOERS="
 Defaults env_reset
 Defaults mail_badpass
-Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\"
+Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"
 Defaults use_pty
 # User privilege specification
 root ALL=(ALL:ALL) ALL
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
 # Allow members of group sudo to execute any command
+# this line should have been commented out to revoke any access from sudoers,
+# other than what has been specifically mentioned below.
+# but since it make the serviceability so hard it has not been.
 %sudo ALL=(ALL:ALL) ALL
-# All serviceuser to execute any command
-serviceuser ALL=(ALL:ALL) ALL
-%serviceuser ALL=(ALL:ALL) ALL
-
-
 # Allow the denali user to execute specific commands as root.
 denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
 denali ALL=(root) NOPASSWD: /usr/bin/tee *
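Review bot: The trimmed sudoers content in the `lockdown.sh` hunk still leaves two routes to full root that the lockdown does not close. `%sudo ALL=(ALL:ALL) ALL` stays active, as the added comment itself admits, so every account that remains in group `sudo` keeps unrestricted sudo; and the unchanged rule `denali ALL=(root) NOPASSWD: /usr/bin/tee *` lets `denali` write any file as root without a password, which is effectively the same as root. If `%sudo` has to stay for serviceability, the comment should name who is expected to be in the group, e.g. `# %sudo kept for service access only; no application account may be a member`, and the `tee` rule should list the exact target paths instead of `*`. CONTENT_SUDOERS continues past the end of the hunk, so later rules are not visible here.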
@@ -120,6 +115,9 @@
 local fileTarget="/etc/sudoers"
 # Allow the denali user to execute specific commands as root.
 echo "$CONTENT_SUDOERS" > $fileTarget
+
+ #removing the cloud user who runs the CloudSync entirely from sudoers
+ gpasswd -d cloud sudo
 }
Index: scripts/start.sh
===================================================================
diff -u -r763077dce249b1c3713611429ff0e26e27c4dff3 -rce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa
--- scripts/start.sh (.../start.sh) (revision 763077dce249b1c3713611429ff0e26e27c4dff3)
+++ scripts/start.sh (.../start.sh) (revision ce3812aba1fc3f33343b32fc18ed9f42bfe9d3fa)
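Review bot: The result of `gpasswd -d cloud sudo` is never checked, so the lockdown carries on silently if `cloud` is still in group `sudo` afterwards, and that group keeps full root through the `%sudo ALL=(ALL:ALL) ALL` rule this same commit leaves in place. Because gpasswd also fails when the user is simply not a member, verify the post-condition rather than the exit status: `if id -nG cloud | grep -qw sudo; then echo "cloud is still in group sudo" >&2; return 1; fi`. The added comment says the user is removed "entirely from sudoers", but the command only drops one group membership; `# remove the cloud user (runs CloudSync) from group sudo` describes it accurately. The enclosing function starts outside the hunk; the visible `echo "$CONTENT_SUDOERS" > $fileTarget` overwrites `/etc/sudoers` without a syntax check, and validating the content with `visudo -c -f` on a temporary copy first would avoid breaking sudo on a typo.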
@@ -23,55 +23,117 @@
 DEMO_SETUP=0
 DEMO_SWITCH="-D"
-SERVER_IP=$CloudSync_DRT_SERVER_IP
+MANUFACTURING_SETUP=0
+MANUFACTURING_SWITCH="-E" #Update only setup
+
+SERVER_IP="" # $CloudSync_DRT_SERVER_IP
+SERVER_WS=""
 SERVER_PORT="3000"
-SERVER_SWITCH="-S"
+SERVER_SWITCH_DRT_WS="-W" #DRT server workspace/environment
+SERVER_SWITCH_DRT_IP="-S" #DRT server IP address
 SERVER_CONFIG_LINE=".*\"url_mft\".*"
 SERVER_CONFIG_BGN=" \"url_mft\": \"http:\/\/"
 SERVER_CONFIG_END=":$SERVER_PORT\","
-SERVER_CONFIG_FILE="./cloudsync/cloudsync/config/config.json"
+SERVER_CONFIG_FILE="./cloudsync/cloudsync/config/config"
+SERVER_CONFIG_EXT="json"
+SERVER_CONFIG_JSON="$SERVER_CONFIG_FILE.$SERVER_CONFIG_EXT"
+SERVER_CONFIG_JSON_WS="$SERVER_CONFIG_FILE"
+SERVER_DRT_WS_PRODUCT="production"
+SERVER_DRT_WS_STAGING="staging"
+SERVER_DRT_WS_QUALITY="quality"
 GLOBALS_CONFIG_MDFY="CloudSync_DRT_SERVER_IP="
 GLOBALS_CONFIG_LINE="CloudSync_DRT_SERVER_IP=.*"
 GLOBALS_FILE="./globals.sh"
-
 # command line parameters detection
 function setupParameters() {
+ DST_IP="$1"
 for arg in "$@"; do
 case $arg in
 "$DEMO_SWITCH")
 DEMO_SETUP=1
- echo "Setup started for demo mode"
 ;;
- "$SERVER_SWITCH"*)
+ "$MANUFACTURING_SWITCH")
+ MANUFACTURING_SETUP=1
+ ;;
+ "$SERVER_SWITCH_DRT_IP"*)
 SERVER_IP="${arg:2}"
- getServerIP
- if [[ $SERVER_IP == $CloudSync_DRT_SERVER_IP ]]; then
- # same as default and no need to update.
- return
- fi
- #If the server IP is not given or is invalid will be asked to enter and the defualt Diality prefered will be suggested.
- #If the server IP is valid and accepted then change the CloudSync conf file
- sed -i "s/$SERVER_CONFIG_LINE/$SERVER_CONFIG_BGN$SERVER_IP$SERVER_CONFIG_END/" $SERVER_CONFIG_FILE
- #and modify the globals.sh
- sed -i "s/$GLOBALS_CONFIG_LINE/$GLOBALS_CONFIG_MDFY$SERVER_IP/" $GLOBALS_FILE
- echo "DRT Server IP: $SERVER_IP"
 ;;
+ "$SERVER_SWITCH_DRT_WS"*)
+ SERVER_WS="${arg:2}"
+ ;;
 esac
 done
 }
+function setupPreparation() {
+ getDeviceIP
+ if (( $DEMO_SETUP )); then
+ echo "Device operation Mode : Demo Mode"
+ else
+ echo "Device operation Mode : Normal Operation"
+ fi
+ echo "Device IP Address : $DST_IP"
+
+ # if it is the update only we don't need the configuration
+ if (( $MANUFACTURING_SETUP )); then
+ echo "Device setup Mode : Manufacturing Setup"
+ else
+ echo "Device setup Mode : Update Only"
+ return
+ fi
+
+ getServerIP
+ echo "DRT Server IP Address : $SERVER_IP"
+
+ getServerWS
+ echo "DRT Server Environment: $SERVER_WS"
+
+ # create the conf file
+ local config_env_json="$SERVER_CONFIG_FILE"
+ local config_json="$SERVER_CONFIG_FILE"
+
+
+ # creat the config.json file
+ cp "$SERVER_CONFIG_JSON_WS""_""$SERVER_WS"".""$SERVER_CONFIG_EXT" $SERVER_CONFIG_JSON
+ if [[ ! -e $SERVER_CONFIG_JSON ]]; then
+ echo "The file $SERVER_CONFIG_JSON cannot be created"
+ exit 0
+ fi
+
+ # setting up the DRT Server IP address
+ #If the server IP is not given or is invalid will be asked to enter and the defualt Diality prefered will be suggested.
+ #If the server IP is valid and accepted then change the CloudSync conf file
+ sed -i "s/$SERVER_CONFIG_LINE/$SERVER_CONFIG_BGN$SERVER_IP$SERVER_CONFIG_END/" $SERVER_CONFIG_JSON
+ #and modify the globals.sh
+ sed -i "s/$GLOBALS_CONFIG_LINE/$GLOBALS_CONFIG_MDFY$SERVER_IP/" $GLOBALS_FILE
+}
+
 function displayHelp() {
 if [ "$1" = "-h" -o "$1" = "--help" ]; then
 echo -e "-h \t This help"
- echo "usage start.sh [ [xxx.xxx.xxx.xxx] ] -D -S[[xxx.xxx.xxx.xxx]]"
- echo "device IP : M ust always be the first parameter"
- echo "-D : Indicating the system is going to be setup in Demo mode."
- echo " The Demo application folder need to be copied to the update folder."
- echo "-S : Shall include the server IP in complete IP format [xxx.xxx.xxx.xxx]"
+ echo "usage start.sh [ [xxx.xxx.xxx.xxx] ] -D [-S[xxx.xxx.xxx.xxx] -W]"
+ echo "device IP : The Device IP Address Under Setup"
+ echo " Must always be the first parameter"
+ echo "-D : Demo mode"
+ echo " Demo mode mode can be used to use the device as a demo unit."
+ echo " In this mode Application will not work with the actual hardware and will work in simulation mode."
+ echo " The Demo application folder need to be copied to the update folder manually."
+ echo "-E : Manufacturing setup mode"
+ echo " The Manufacturing setup will wipe device configuration, setup, registration,"
+ echo " and nees a fresh configuration, and device registration on the cloud,"
+ echo " therefore the -S and -W is mandatory."
+ echo "-S : The DRT Server IP address"
+ echo " Need to be entered fully in a valid IP format [xxx.xxx.xxx.xxx]"
 echo " There should be no space between -S and the server IP address"
 echo " For example : -S192.168.1.5"
+ echo "-W : The DRT Server Workspace/Environment:"
+ echo " Shall only include the server environment from the following list:"
+ echo " - production"
+ echo " - staging"
+ echo " - quality"
+ echo " For example : -Wproduction"
 exit 0
 fi
 }
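Review bot: In `setupPreparation` the `cp` of the environment template is not checked, and the `[[ ! -e $SERVER_CONFIG_JSON ]]` test that follows passes whenever a `config.json` is left over from an earlier run. A missing or misnamed `config_<env>.json` template therefore keeps the previous environment's settings, and the `sed` then patches the new server IP into that stale file. Check the copy itself and fail with a non-zero status (the current branch uses `exit 0`, which reports success to any caller): `cp -- "${SERVER_CONFIG_JSON_WS}_${SERVER_WS}.${SERVER_CONFIG_EXT}" "$SERVER_CONFIG_JSON" || { echo "Cannot create $SERVER_CONFIG_JSON" >&2; exit 1; }`. `$SERVER_IP` is interpolated into both `sed` expressions, so this depends on `getServerIP`/`validIP` (defined outside the hunk) rejecting anything that is not a dotted-quad address; a comment saying so next to the `sed` lines would help. The locals `config_env_json` and `config_json` are assigned but not used in the visible lines and can be removed.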
@@ -86,16 +148,6 @@
 fi
 }
-function defaultIP() {
- if [ -n "$1" ]; then
- if [ ${#1} -gt $IP_SEG_MAX_LEN ]; then
- DST_IP=$1
- else
- DST_IP=$IP_EMT"$1"
- fi
- fi
-}
-
 function setupLogs() {
 local log_location=$LOG_LOCATION/$DST_IP
 mkdir -p $log_location
@@ -185,12 +237,7 @@
 }
 function manufacturingModePrompt() {
-# I set to always enabled for now to always go to the manufacturing mode
-# 1 - Even for normal setup start is moving files to /home/root, so the lockdown needs to run to move files.
-# 2 - The UI still needs to be executed to decrypt the /var/configurations, otherwise the configurations can not be updated,
-# and I don't have the ability to just decrypt and exit right now.
-# Note: after the Cybersecurity release I will improve the user experience and will make it easier for manufacturing.
-# CONTINUE="y"
+ if (( $MANUFACTURING_SETUP )); then :; else return; fi
 echo_star_comment
 echo_star_message "Do you want to run in the Manufacturing Mode?"
@@ -201,8 +248,8 @@
 sshRun "echo $SETUP_ENABLE_MANUFACTURING_MODE > $SETUP_CONF_FILE"
 echo_star_message "Set the setup in manufacturing mode"
 else
- sshRun "echo '' > $SETUP_CONF_FILE"
- echo_star_message "Continuing the setup in normal mode"
+ echo_star_message "Abort the Manufacturing setup by user"
+ exit 0
 fi
 }
@@ -212,7 +259,7 @@
 if [ $? -eq 0 ]; then
 break
 else
- read -p "Please enter the device Ip address: " -e -i "$IP_EMT" -r DST_IP
+ read -p "Please enter the device Ip address: " -e -i "" -r DST_IP
 validIP "$DST_IP"
 if [ $? -eq 0 ]; then
 break
@@ -230,7 +277,7 @@
 if [ $? -eq 0 ]; then
 break
 else
- read -p "Please enter the server Ip address: " -e -i "$CloudSync_DRT_SERVER_IP" -r SERVER_IP
+ read -p "Please enter the server Ip address : " -e -i "" -r SERVER_IP
 validIP "$SERVER_IP"
 if [ $? -eq 0 ]; then
 break
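Review bot: After these two `manufacturingModePrompt` hunks nothing clears `$SETUP_CONF_FILE` on the device any more: the new early `return` skips the function in update-only mode, and the decline branch in the `-201,8` hunk now exits instead of running `sshRun "echo '' > $SETUP_CONF_FILE"`. If that file can survive from an earlier manufacturing run (not visible here), an update-only run would leave the device flagged for manufacturing mode, which the new help text describes as wiping configuration and registration. Clearing it explicitly on the update-only path would close that gap and replace the `then :; else return; fi` construct: `if ! (( MANUFACTURING_SETUP )); then sshRun "echo '' > $SETUP_CONF_FILE"; return; fi`. The abort branch should also use `exit 1` so a wrapper can tell an aborted setup from a completed one. The function body continues between and beyond the two hunks.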
@@ -242,6 +289,39 @@
 done
 }
+function validWS() {
+ if [[ -z $SERVER_WS ]]; then return 1; fi
+
+ case $SERVER_WS in
+ "$SERVER_DRT_WS_PRODUCT");;
+ "$SERVER_DRT_WS_STAGING");;
+ "$SERVER_DRT_WS_QUALITY");;
+ *)
+ echo "The entered server environment is not valid [$SERVER_WS]"
+ return 1
+ esac
+
+ return 0
+}
+
+function getServerWS() {
+ while true; do
+ validWS "$SERVER_WS"
+ if [ $? -eq 0 ]; then
+ break
+ else
+ read -p "Please enter the server environment: " -e -i "" -r SERVER_WS
+ validWS "$SERVER_WS"
+ if [ $? -eq 0 ]; then
+ break
+ else
+ echo "The entered server environment is not valid [$SERVER_WS]"
+ exitConfirm $?
+ fi
+ fi
+ done
+}
+
 function setupBootupScripts() {
 echo_dash_comment
 echo_dash_message "Installing bootup scripts" | tee -a $LOG_OUT_FILE
@@ -324,10 +404,6 @@
 }
 function main() {
- displayHelp "$1"
-
- defaultIP "$1"
- getDeviceIP
 setupLogs
 sshKeyGen
@@ -347,8 +423,10 @@
 }
 # running the main function
+displayHelp "$1"
 setupParameters "$@"
+setupPreparation
 main "$1"
 connect
-
 exit 0
+
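Review bot: `validWS` ignores the argument both call sites pass (`validWS "$SERVER_WS"`) and reads the global instead, and `exitConfirm $?` in `getServerWS` receives the exit status of the preceding `echo`, not of the failed validation. Neither breaks the allow-list today, but that allow-list is what keeps the `-W` value safe to use in the template file name copied by `setupPreparation`, so the check should be self-contained: take `local ws="$1"`, match `"$ws"` in the `case`, and add a header comment such as `# Returns 0 only if $1 is one of production|staging|quality`. The invalid-value message is also printed twice, once by `validWS` and once by the caller, so one of the two `echo` lines can go. `exitConfirm` is defined outside the hunk, so what it does with its argument cannot be confirmed from here.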